package com.shrio.shrio_demo.config;

import org.apache.shiro.authc.*;
import org.apache.shiro.authz.AuthorizationInfo;
import org.apache.shiro.realm.AuthorizingRealm;
import org.apache.shiro.subject.PrincipalCollection;

/**
 * @Author Zhang Chao
 * @Date 2021/3/25 16:40
 * @Version 1.0
 */
public class UserRealm extends AuthorizingRealm {
    //授权
    @Override
    protected AuthorizationInfo doGetAuthorizationInfo(PrincipalCollection principalCollection) {
        System.out.println("执行了授权");
        return null;
    }
    //认证
    @Override
    protected AuthenticationInfo doGetAuthenticationInfo(AuthenticationToken authenticationToken) throws AuthenticationException {
        System.out.println("执行了认证");
        // 用户名、密码， 数据中取 此数据虚拟(可以从数据库中取)
        String name = "root";
        String password = "123456";
        //强转令牌 获取到从前端封装过来的账号和密码
        UsernamePasswordToken userToken= (UsernamePasswordToken) authenticationToken;
        //如果用户名不正确则抛出UnknownAccountException异常 告诉用户改用户名不存在
        if (!userToken.getUsername().equals(name)) {
            return null;//抛出异常 UnknownAccountException
        }
        //密码验证,因为密码事关程序的安全,我们需要交给shiro中SimpleAuthenticationInfo类来做
        return new SimpleAuthenticationInfo("",password,"");
    }
}
